From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id ED129138206 for ; Tue, 16 Jan 2018 22:19:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3F759E0905; Tue, 16 Jan 2018 22:19:23 +0000 (UTC) Received: from avasout05.plus.net (avasout05.plus.net [84.93.230.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BBB5AE08EA for ; Tue, 16 Jan 2018 22:19:22 +0000 (UTC) Received: from [192.168.6.147] ([212.159.46.162]) by smtp with ESMTP id bZZfe7kzkyDvlbZZgeObCd; Tue, 16 Jan 2018 22:19:21 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.3 cv=AujAIt1P c=1 sm=1 tr=0 a=RuViaDnnNG9rfPLW4VJocg==:117 a=RuViaDnnNG9rfPLW4VJocg==:17 a=13zjGPudsaEWiJwPRgMA:9 a=7mOBRU54AAAA:8 a=4qKbuhoB5VZSboR5qi0A:9 a=QEXdDO2ut3YA:10 a=qURl_jLVunaq94AlBrMA:9 a=ONNS8QRKHyMA:10 a=wa9RWnbW_A1YIeRBVszw:22 Subject: Re: [gentoo-dev] News Item: GnuCash 2.7+ Breaking Change To: gentoo-dev@lists.gentoo.org References: <20180110183135.GD15225@martineau.grandmasfridge.local> <1515617164.20929.1.camel@gentoo.org> <20180116150745.0000412a@tightmail.com> <20180116144559.GA6684@gengoff> <20180116225602.280cd36e.openhs@tightmail.com> From: "M. J. Everitt" Openpgp: id=BA266E0525CFAB101523351B4C30334F93C22371 Message-ID: Date: Tue, 16 Jan 2018 22:19:15 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20180116225602.280cd36e.openhs@tightmail.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="D3O6RD7uqM8mhvhr27XlS7vn8UN03dFdB" X-CMAE-Envelope: MS4wfBDWeUgjSSKWGWFPbReLOcI11yvnPq2MjvdIS+GU2HdRSeVAX6VX6/9hJoTxzmsTIcm0QyjdGBXeRsqY4A5N0mNyULtkuMEabenzLuceMm9mDyU7NcLT pWKYBhgpSIzjmRulSaG7pwM3rOCAEUzRgWKlQ9q7pIDkadsFCMptq4iCyFayJJz3DErY3Qg6rh3HRg== X-Archives-Salt: 1fca9289-7624-47ea-b691-05d752e4031d X-Archives-Hash: 85511f3c667b15dec109e710a9cdd060 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --D3O6RD7uqM8mhvhr27XlS7vn8UN03dFdB Content-Type: multipart/mixed; boundary="EkqNN06DKjrijDJNVlodMPG0qoLeP1jfm"; protected-headers="v1" From: "M. J. Everitt" To: gentoo-dev@lists.gentoo.org Message-ID: Subject: Re: [gentoo-dev] News Item: GnuCash 2.7+ Breaking Change References: <20180110183135.GD15225@martineau.grandmasfridge.local> <1515617164.20929.1.camel@gentoo.org> <20180116150745.0000412a@tightmail.com> <20180116144559.GA6684@gengoff> <20180116225602.280cd36e.openhs@tightmail.com> In-Reply-To: <20180116225602.280cd36e.openhs@tightmail.com> --EkqNN06DKjrijDJNVlodMPG0qoLeP1jfm Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 16/01/18 21:56, R=C3=B3bert =C4=8Cer=C5=88ansk=C3=BD wrote: > On Tue, 16 Jan 2018 15:58:11 +0100 > Kristian Fiskerstrand wrote: > >> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote: >>> Given the situation, we have a choice: Remove GnuCash altogether, or >>> press ahead with recommending a version upstream considers >>> unstable. =20 >> Or 3, discuss with upstream to see if they can release an updated >> version as stable branch. > 4. Mask the vulnerable webkit-gtk. This way: A. User is informed. > B. Manual action is required to continue using such package. > > I see this as the most obvious choice considering that I am still > unable to find any possible attack vector against GnuCash. If it is me= > and only me who enters data. Webkit reports are generated from those > data. How can anyone hack me through GnuCash? > > In general, many times users use applications in a way that > vulnerabilities does not apply to their use cases. I would prefer to > be informed and allowed to continue using such application as a part of= > the distro. > > Robert > > Forgive my potential misunderstanding here .. but who's actively preventing you from using GnuCash 2.6? You can take a copy locally to /usr/local/portage so that When/If finally it gets removed from the central package 'tree' it will run for you provided its requirements are still met on your system ... --EkqNN06DKjrijDJNVlodMPG0qoLeP1jfm-- --D3O6RD7uqM8mhvhr27XlS7vn8UN03dFdB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJaXnpnAAoJEGPnxnn01DHdKpsP/33aofmdvJqLvGBc//hx8+UQ 4h+6YLQEzgwgkGveByCA2Z8IcXz/2wfTR1TcHuep1KzJo1WhlVsMy1heMcPgv3wO Ui0JfxLGvREpjh76AmdO3zqj8KuJa+XpuUhmcRavtABQjpN/hnh25zdF2C0R3hKC vX+iE2LOFFsHHb+rQGyN2SVpb9bjIg3uSBVm6BS+kcurQUViNZuwIi4p6JZ/2XaR mMWt/OqiC5XvwMByXWrqRmJxCLrNZ6LW1PRu1HBacMgCp2vQ1PB/MX/vCbYbHn34 DG5SlXNq3TBoPJRanDC8ia/DOKQQTPfD5Ix3otyaLvrzejEcdmg56m6+T76tvKVr D7Y+dI8mvZ4kaxy4d1WZ5um773aH0tFHUUxIHsWVB4bFLHotsw8c08Yte5ZpiYrD JeLdH+nml6aj5ZgRh77e9fR6xiH/1GUQv3yUOniZLNzMLVrufET46ll6BvMu6lj+ Dnhbvna4DZPaXxsNqHxXCLp4z5hisj9K+ywsGVVKqW79ME3cT57s6bbBrFpr3Tzt lVN8mgTa4EP6SPJT6nngF7lIYjsCeFDzhzCYXxagMWUmnP8EXHPvfeRWZVVytuED ncW9UY6UZXVYpIHp2+Jl2OilPCFxysWiRM/savdXHlwwlyb0Nt5iXtx0bp/MxPoN WuXhEsioc6rFJJScWrwQ =NYkA -----END PGP SIGNATURE----- --D3O6RD7uqM8mhvhr27XlS7vn8UN03dFdB--